Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 10221 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allow user to scan and clean threats from USB stick

dluneau

A user needs to scan and clean up threats found on USB sticks that belong to students.  Adding the user to the SophosPowerUsers local group does not seem to work nor does adding the user to SophosAdministrators group.  When I say doesn't work, the perform action button is greyed out when box is checked next to threat that needs attention.

USB stick is inserted, Sophos detects threat Mal/Conficker-A

E:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

TIA

:51710


This thread was automatically locked due to age.
Parents
  • 0

    Hello dluneau,

    thanks for the screenshot. Adware and PUAs are a special case and never cleaned up during on-access scan. The actions column clearly states insufficient rights as reason for no actions available.

    For the Mal/Generic-L detection the reason is incomplete cleanup and the suggested action manual removal. As the name implies it's a generic detection, therefore cleanup is rather cautious (and doesn't offer deletion as last resort - note that Delete as available action and manual removal is not quite the same). For generic detections (and if suggested in the analysis) sending in a sample is a good idea. 

    As to the Mal/Conficker-A perhaps the AV log (SAV.txt) has a little bit more information why the item hasn't been cleaned up. As it is obviously unwanted you try to remove it by simply running a (scheduled) scan with Delete as alternate action.

    HTH
    Christian

    :51752
Reply
  • 0

    Hello dluneau,

    thanks for the screenshot. Adware and PUAs are a special case and never cleaned up during on-access scan. The actions column clearly states insufficient rights as reason for no actions available.

    For the Mal/Generic-L detection the reason is incomplete cleanup and the suggested action manual removal. As the name implies it's a generic detection, therefore cleanup is rather cautious (and doesn't offer deletion as last resort - note that Delete as available action and manual removal is not quite the same). For generic detections (and if suggested in the analysis) sending in a sample is a good idea. 

    As to the Mal/Conficker-A perhaps the AV log (SAV.txt) has a little bit more information why the item hasn't been cleaned up. As it is obviously unwanted you try to remove it by simply running a (scheduled) scan with Delete as alternate action.

    HTH
    Christian

    :51752
Children
No Data
Unfiltered HTML